-
Bug
-
Resolution: Obsolete
-
Major
-
JBossAS-4.2.1.GA
-
None
JAAS authentication cache is responsible for two classloader leaks through org.jboss.utils.TimedCachePolicy, causing classes of undeployed applications not be unloaded. The second is not a huge problem, but still real, and is related to JBAS-3986.
First problem is the creation of resolutionTimer. If TimedCachePolicy is used for the first time when my web application is accessed, the resolutionTimer object is created in the context of the web app, and the timer thread attached to the timer inherits the current context class loader, that is my web app's class loader. This results in a permanent reference to that class loader, and it can never be unloaded.
The second problem is the fact that the expired entries are purged from the cache only when they are accessed. If some credentials are once used, and then never used again, they remain in the cache, and these cached LoginContexts contain references to the web app class loaders.
First problem is fixable by temporarily changing current thread context class loader when first creating the resolutionTimer.
The second problem could be fixed by JBoss automatically flushing the authentication cache when the web app is undeployed.